Unwanted ads + lag + ad redirects (computer = trash can)

5 May 2009 21:50:03

Hello.

It may be a slightly selfish move, but I am taking the liberty of creating a new topic, because the user who was helping me no longer replies, and my situation is getting more and more critical.

So, for some time now I have been getting a lot of unwanted ads; on Google, when I click I am redirected to ads, and the web (and, to a lesser extent, the computer) is very slow. Finally, I cannot access certain sites, for example l'équipe.fr (impossible to see the news).


In short, apparently my computer is a real trash can, and I would very much like that to no longer be the case. One detail: for Combo Fix, I cannot manage to remove my antivirus programs (BitDefender is acting up, and for AVG I don't know the procedure).


Here is the link to my previous topic:
http://www.infos-du-net.com/forum/287071-11-gros-proble...

Many thanks in advance.

5 May 2009 21:57:07

Hello,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
    6 May 2009 14:30:22

    Hello, and thank you for your help.

    Here is Log.txt

    Quote:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by maxime at 2009-05-06 14:27:23
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 81 GB (55%) free of 147 GB
    Total RAM: 767 MB (23% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:28:01, on 06/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\documents and settings\maxime\local settings\application data\wimgwos.exe
    C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\maxime\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\maxime.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: C:\WINDOWS\system32\afnoinkdsfe.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\afnoinkdsfe.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
    O4 - HKLM\..\Run: [CPM9be5ba2f] Rundll32.exe "c:\windows\system32\herawuve.dll",a
    O4 - HKLM\..\Run: [98d689b3] rundll32.exe "C:\WINDOWS\system32\pamuzuwa.dll",b
    O4 - HKLM\..\Run: [kizanewezi] Rundll32.exe "C:\WINDOWS\system32\romezeju.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [wimgwos] "c:\documents and settings\maxime\local settings\application data\wimgwos.exe" wimgwos
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\qsmxf.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\qsmxf.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
    HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
    HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"

    [DeleteTemplates.reg]
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"

    [DeleteAutosearch.reg]
    ; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
    HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"

    [Strings]
    START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
    SEARCH_PAGE_URL="http://www.microsoft.com/isapi/
    O14 - IERESET.INF: CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
    HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
    HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"

    [DeleteTemplates.reg]
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"

    [DeleteAutosearch.reg]
    ; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
    HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"

    [Strings]
    START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
    SEARCH_PAGE_URL="http://www.microsoft.com/isapi/
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\pudosuji.dll C:\WINDOWS\system32\fajodiya.dll c:\windows\system32\herawuve.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\herawuve.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\herawuve.dll
    O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll
    O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\afnoinkdsfe.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - - (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Securitoo Contrôle Parental (OPTENET_FILTER) - WANADOO - C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - - (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)

    --
    End of file - 10202 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2BA40A1-74F3-42BD-F434-12345A2C8953}]
    C:\WINDOWS\system32\afnoinkdsfe.dll - C:\WINDOWS\system32\afnoinkdsfe.dll [2009-05-05 15000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-20 1968920]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-12 4112384]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2004-10-23 180269]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
    "prnet"=C:\WINDOWS\system32\prnet.tmp []
    "CPM9be5ba2f"=c:\windows\system32\herawuve.dll [2009-05-01 81920]
    "98d689b3"=C:\WINDOWS\system32\pamuzuwa.dll [2009-05-01 79360]
    "kizanewezi"=C:\WINDOWS\system32\romezeju.dll,s []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
    "wimgwos"=c:\documents and settings\maxime\local settings\application data\wimgwos.exe [2009-04-26 317440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    c:\apps\ABoard\ABoard.exe [2003-05-02 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
    C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-20 1601304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    - []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
    C:\Program Files\Labtec\Mouse\V3.0\moffice.exe [2006-10-07 958464]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2005-01-12 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2004-07-12 4112384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\WINDOWS\system32\NvMcTray.dll [2004-07-12 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /installquiet []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
    C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    c:\Apps\Powercinema\PCMService.exe [2004-10-08 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
    C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-04-24 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-01-01 95960]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    C:\WINDOWS\system32\mobsync.exe [2004-08-05 144384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2004-10-23 180269]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
    C:\Program Files\Norton Internet Security\UrlLstCk.exe [2004-01-27 70760]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
    C:\Program Files\USB Disk Win98 Driver\Res.EXE [2005-09-14 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -u []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express]
    C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe [2006-02-16 295936]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vaderetro Outlook]
    C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe [2006-07-22 44544]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]
    C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\fspex.exe -startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-05-29 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    C:\PROGRA~1\Google\GOOGLE~3\GOOGLE~1.EXE [2009-03-25 161776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SymWSC"=2
    "SNDSrvc"=2
    "SBService"=2
    "SAVScan"=3
    "navapsvc"=3
    "ccSetMgr"=2
    "ccPwdSvc"=3
    "ccProxy"=2
    "ccEvtMgr"=2

    C:\Documents and Settings\maxime\Menu Démarrer\Programmes\Démarrage
    Outil de notification Live Search.lnk - C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\WINDOWS\system32\pudosuji.dll C:\WINDOWS\system32\fajodiya.dll c:\windows\system32\herawuve.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2009-02-20 10520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\herawuve.dll [2009-05-01 81920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\herawuve.dll [2009-05-01 81920]
    jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll [2009-05-01 15000]
    sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\afnoinkdsfe.dll [2009-05-05 15000]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli
    C:\WINDOWS\system32\pudosuji.dll
    C:\WINDOWS\system32\fajodiya.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoSetActiveDesktop"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "HonorAutoRunSetting"=
    "NoSetActiveDesktop"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
    "%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
    "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
    "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:p ANDORA"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\APPS\Inventime\my.exe"="C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe"="C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009"
    "C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
    "C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Documents and Settings\maxime\Bureau\AgeofEmpire2(2)\empires2.exe"="C:\Documents and Settings\maxime\Bureau\AgeofEmpire2(2)\empires2.exe:*:D isabled:Age of Empires II"
    "C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    ======List of files/folders created in the last 1 months======

    2009-05-06 14:27:23 ----D---- C:\rsit
    2009-05-06 13:30:07 ----A---- C:\WINDOWS\system32\avgrsstx.dll.prepare
    2009-05-05 15:42:44 ----A---- C:\WINDOWS\system32\afnoinkdsfe.dll
    2009-05-03 17:51:49 ----A---- C:\Bug.txt
    2009-05-03 17:51:47 ----A---- C:\WINDOWS\system32\cmd.execf
    2009-05-03 17:51:35 ----D---- C:\32788R22FWJFW
    2009-05-02 22:04:09 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-05-02 22:00:47 ----D---- C:\SDFix
    2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\WS2Fix.exe
    2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\VCCLSID.exe
    2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\VACFix.exe
    2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\swxcacls.exe
    2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\o4Patch.exe
    2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\IEDFix.exe
    2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
    2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\dumphive.exe
    2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
    2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\404Fix.exe
    2009-05-01 13:34:19 ----A---- C:\WINDOWS\system32\swsc.exe
    2009-05-01 13:34:19 ----A---- C:\WINDOWS\system32\swreg.exe
    2009-05-01 13:34:19 ----A---- C:\WINDOWS\system32\SrchSTS.exe
    2009-05-01 13:34:19 ----A---- C:\WINDOWS\system32\Process.exe
    2009-05-01 12:39:44 ----A---- C:\WINDOWS\system32\lmppcsetup.exe
    2009-05-01 12:22:15 ----A---- C:\WINDOWS\system32\ntdll64.exe
    2009-05-01 12:22:07 ----A---- C:\WINDOWS\system32\loader49.exe
    2009-05-01 12:18:02 ----A---- C:\WINDOWS\system32\p2hhr.bat
    2009-05-01 12:07:06 ----A---- C:\WINDOWS\system32\yhs783ijfo3fe.dll
    2009-05-01 12:07:06 ----A---- C:\WINDOWS\system32\ak1.exe
    2009-05-01 11:59:42 ----SH---- C:\WINDOWS\system32\awuzumap.ini
    2009-04-30 22:05:49 ----D---- C:\Documents and Settings\maxime\Application Data\pidle
    2009-04-26 22:48:47 ----D---- C:\Program Files\Fichiers communs\DVDVIDEOSOFT

    ======List of files/folders modified in the last 1 months======

    2009-05-06 14:12:00 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-05-06 14:09:13 ----SD---- C:\WINDOWS\Tasks
    2009-05-06 14:04:35 ----D---- C:\Documents and Settings\maxime\Application Data\OpenOffice.org2
    2009-05-06 13:33:14 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-06 13:33:02 ----D---- C:\WINDOWS\temp
    2009-05-06 13:33:02 ----D---- C:\WINDOWS\system32
    2009-05-06 13:32:12 ----A---- C:\WINDOWS\ModemLog_Aztech CNR2900 V.90 Modem.txt
    2009-05-06 13:31:56 ----D---- C:\WINDOWS
    2009-05-05 23:11:07 ----D---- C:\Documents and Settings\maxime\Application Data\uTorrent
    2009-05-05 15:43:01 ----D---- C:\WINDOWS\Prefetch
    2009-05-05 15:27:59 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2009-05-04 23:37:53 ----A---- C:\WINDOWS\win.ini
    2009-05-04 21:48:59 ----HD---- C:\$AVG8.VAULT$
    2009-05-04 19:39:35 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-05-02 21:55:08 ----SHD---- C:\WINDOWS\Installer
    2009-05-02 21:54:58 ----HD---- C:\Config.Msi
    2009-05-02 21:54:50 ----D---- C:\Program Files\Opera
    2009-05-02 16:27:31 ----A---- C:\Documents and Settings\maxime\Application Data\QuickZip45.ini
    2009-05-01 14:46:51 ----A---- C:\rapport.txt
    2009-05-01 14:39:26 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-05-01 12:36:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-05-01 12:34:28 ----D---- C:\WINDOWS\Minidump
    2009-05-01 12:34:28 ----D---- C:\WINDOWS\Debug
    2009-05-01 11:59:26 ----N---- C:\WINDOWS\system32\herawuve.dll
    2009-05-01 11:59:25 ----ASH---- C:\WINDOWS\system32\pamuzuwa.dll
    2009-05-01 11:59:25 ----ASH---- C:\WINDOWS\system32\kebajuvi.exe
    2009-05-01 11:51:44 ----D---- C:\WINDOWS\system32\drivers
    2009-04-29 22:20:19 ----HD---- C:\WINDOWS\inf
    2009-04-29 22:20:14 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-04-29 14:09:27 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-29 14:09:26 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-26 23:41:05 ----D---- C:\Documents and Settings\maxime\Application Data\AVGTOOLBAR
    2009-04-26 22:52:25 ----RD---- C:\Program Files
    2009-04-26 22:48:47 ----D---- C:\Program Files\Fichiers communs
    2009-04-17 21:34:25 ----D---- C:\Program Files\LimeWire
    2009-04-16 12:13:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-04-16 12:08:02 ----D---- C:\WINDOWS\system32\wbem
    2009-04-16 12:08:01 ----D---- C:\WINDOWS\AppPatch
    2009-04-16 03:25:38 ----D---- C:\WINDOWS\system32\fr-fr
    2009-04-16 03:25:38 ----D---- C:\Program Files\Internet Explorer
    2009-04-07 17:35:05 ----D---- C:\Program Files\Dofus

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-05 41600]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-20 325128]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-20 27656]
    R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
    R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
    R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
    R3 Cap713x;Cap713x Video Capture; C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-08 751104]
    R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-11 41984]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2006-10-07 62592]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2003-02-16 210128]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-12 2459968]
    R3 RTL8187B;TG123g USB Wireless Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-07-18 264576]
    R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2003-02-16 516616]
    R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]
    R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-01-21 11544]
    R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-01-21 172216]
    R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-01-21 35000]
    R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20080508.002\symidsco.sys []
    R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-01-21 46808]
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-01-21 26424]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    S1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
    S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
    S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
    S3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 196368]
    S3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
    S3 catchme;catchme; \??\C:\Comboidn\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-27 25280]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2003-02-16 1293192]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060520.005\NAVENG.Sys []
    S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060520.005\NavEx15.Sys []
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2003-02-05 162136]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2003-02-16 85520]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
    S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
    S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 12672]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 SAVRT;SAVRT; - []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [2004-02-25 1123440]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-20 298264]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-12 114755]
    R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-01-17 45056]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
    S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe []
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
    S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe /service []
    S2 OPTENET_FILTER;Securitoo Contrôle Parental; C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe [2004-07-28 497744]
    S2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe /service []
    S2 XCOMM;BitDefender Communicator; C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe /service []
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-13 72704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 ccEvtMgr;Symantec Event Manager; - []
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-15 654848]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
    S3 MysqlInventime;MysqlInventime; c:\mysql\bin\mysqld-nt MysqlInventime []
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
    S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
    S3 SNDSrvc;Symantec Network Drivers Service; - []
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S4 ccProxy;Symantec Network Proxy; C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe [2005-03-21 218712]
    S4 ccPwdSvc;Symantec Password Validation; C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe [2006-01-11 87696]
    S4 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2006-01-11 235152]
    S4 navapsvc;Service Norton AntiVirus Auto-Protect; C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2003-12-04 158640]
    S4 SAVScan;SAVScan; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-01-25 194272]
    S4 SBService;ScriptBlocking Service; C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe [2003-06-24 66784]
    S4 SymWSC;SymWMI Service; C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]

    -----------------EOF-----------------







    And now here is info.txt

    Quote:
    info.txt logfile of random's system information tool 1.06 2009-05-06 14:28:11

    ======Uninstall list======

    -->"C:\Program Files\Fichiers communs\aolshare\Coach\AolCInUn.exe" -lang="fr-fr"
    -->C:\PROGRA~1\FICHIE~1\AOL\ACS\AcsUninstall.exe /c
    -->C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
    -->C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
    -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
    -->C:\Program Files\Learn2.com\StRunner\stuninst.exe
    -->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    -->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    -->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    -->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    -->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
    -->MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
    Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
    Adobe Reader 6.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-000000000001}
    Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Advertisement Service-->C:\WINDOWS\system32\prnet.tmp Uninstall
    Age of Empires III-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{485775E8-AEB8-46BD-922B-242879E03DD5}
    AnglaisFacile.com - Barre Verbes Irréguliers-->"C:\Program Files\AnglaisFacile.com\Barre Verbes Irréguliers\uninstall.exe"
    Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
    Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
    Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
    AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Aztech CNR2900 V.90 Modem-->C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
    BitDefender Antivirus 2008-->MsiExec.exe /I{4A56DAB1-2680-4B8A-AD84-77EECFB94D7B}
    CC_ccProxyMSI-->MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
    CC_ccStart-->MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
    ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Contrôle Parental-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93094D10-9388-11D4-9886-0000B43F396D}\Setup.exe" -l0x40c
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Cosmo Player 2.1 (38329)-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\CosmoSoftware\CosmoPlayer\CosmoPlayer21.isu"
    DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Dofus 1.26.0-->C:\Program Files\Dofus\uninstall.exe
    EVEREST Corporate Edition v5.00-->"C:\Program Files\Lavalys\EVEREST Corporate Edition\unins000.exe"
    Favorit-->"c:\documents and settings\maxime\local settings\application data\wimgwos.exe" -uninstall
    FinePixViewer Ver.4.3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
    FM Modifier 2.22-->MsiExec.exe /I{AE86AE81-CD7F-496F-A39F-0210C985E71B}
    Football Manager 2008-->"C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
    FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
    GameCenter-->C:\Program Files\Cyanide\GameCenter\uninstall.exe
    GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
    GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
    HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Jette7 version 1.0-->"C:\Program Files\Jette7\unins000.exe"
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    K-Lite Codec Pack 2.75 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall
    Labtec Mouse Software 3.0-->C:\Program Files\Labtec\Mouse\V3.0\uninst00.exe
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
    Les Sims Deluxe-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\Setup.exe" -l040c
    LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"
    L'Internet ADSL de Cegetel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A16E2D86-7D92-48F4-9649-6029C96D4D8F}\Setup.exe" -l0x40c
    Live-Player-->C:\Program Files\Live-Player\uninst.exe
    LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    LRC Editor 4.0 (remove only)-->"C:\Program Files\LRC Editor 4\uninst-gsle4.exe"
    Ma-Config.com plugin-->MsiExec.exe /I{BF85A9D4-030F-4D2A-83CF-D4DDA0D3E68C}
    Macrogaming SweetIM 1.2a-->MsiExec.exe /X{872D953F-933F-4F8A-BDC9-A84AFA0098F4}
    Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
    Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
    Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
    Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"
    MaxTV - TVU Player Plugin-->"C:\WINDOWS\MaxTV - TVU Player Plugin\uninstall.exe" "/U:C:\Program Files\DMV\MaxTV\plugins\Uninstall\uninstall.xml"
    Mega Bloc Notes 5.2.0-->C:\Program Files\Mega Bloc Notes\desinstall.exe
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Office 97 Professional-->C:\Program Files\Microsoft Office\Office\Install\Acme.exe /w Off97Pro.STF
    Microsoft Office Excel Viewer-->MsiExec.exe /I{95120000-003F-040C-0000-0000000FF1CE}
    Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}
    Migratio-->MsiExec.exe /I{5DA3411A-EABC-485A-A19E-7444BBD7B151}
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSRedist-->MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
    Navilog1 Version 2.0.9-->"C:\Program Files\Navilog1\uninstall.exe"
    Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
    Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
    Norton AntiVirus-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
    Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
    Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
    Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
    Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
    Norton Internet Security-->MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
    Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
    Norton Internet Security-->MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
    Norton Internet Security-->MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
    Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
    OpenOffice.org 2.2-->MsiExec.exe /I{3B7E7EF8-1680-4894-9D35-86BAB9EEB6AC}
    Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
    Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u
    Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PokerTH-->C:\Program Files\PokerTH\uninstall.exe
    QI98 v 4.50-->C:\WINDOWS\ST5UNST.EXE -n "c:\ST5UNST.LOG"
    Questions pour un Champion-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAF1D000-210B-11D9-B771-00C04F4351FF}\Setup.exe" -l0x40c
    Quick Zip 4.60.017b-->"C:\Program Files\QuickZip4\unins000.exe"
    QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
    Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
    Ri4m v5.0.1d-->C:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
    Runtime 8.0 Libraries-->MsiExec.exe /I{EA4FA30B-7321-4428-90E9-28B088EC8DC9}
    SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Sina Web TV-->C:\PROGRA~1\sina\SINAWE~1\302~1.9BE\UNWISE.EXE C:\PROGRA~1\sina\SINAWE~1\302~1.9BE\Install.LOG
    Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    SweetIM For Internet Explorer 1.0a-->MsiExec.exe /X{BBB1528C-2F8C-4526-9C8E-699F17AF21CA}
    Symantec Script Blocking Installer-->MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
    TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
    UltraVNC v1.0.2 Fr-->"C:\Program Files\UltraVNC\unins000.exe"
    Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
    USB Disk Win98 Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}\Setup.exe"
    Vade Retro Outllook & Outlook Express-->C:\PROGRA~1\GOTOSO~1\VADERE~1\UNWISE.EXE C:\PROGRA~1\GOTOSO~1\VADERE~1\INSTALL.LOG
    Vodafone 804SS USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
    Wanadoo Messager-->C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    WinHTTrack Website Copier 3.41-2-->"C:\Program Files\WinHTTrack\unins000.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

    ======Security center information======

    AV: Bitdefender Antivirus
    AV: AVG Anti-Virus Free (disabled)
    AV: Norton AntiVirus (disabled) (outdated)
    FW: Norton Internet Security (disabled)

    ======System event log======

    Computer Name: 202878480001
    Event Code: 7036
    Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

    Record Number: 15333
    Source Name: Service Control Manager
    Time Written: 20090404200153.000000+120
    Event Type: Informations
    User:

    Computer Name: 202878480001
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

    Record Number: 15332
    Source Name: Service Control Manager
    Time Written: 20090404200150.000000+120
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: 202878480001
    Event Code: 7036
    Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.

    Record Number: 15331
    Source Name: Service Control Manager
    Time Written: 20090404200148.000000+120
    Event Type: Informations
    User:

    Computer Name: 202878480001
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

    Record Number: 15330
    Source Name: Service Control Manager
    Time Written: 20090404200148.000000+120
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: 202878480001
    Event Code: 7036
    Message: Le service Service de découvertes SSDP est entré dans l'état : en cours d'exécution.

    Record Number: 15329
    Source Name: Service Control Manager
    Time Written: 20090404200147.000000+120
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: 202878480001
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 706
    Source Name: SecurityCenter
    Time Written: 20081114220242.000000+060
    Event Type: Informations
    User:

    Computer Name: 202878480001
    Event Code: 1
    Message:
    Record Number: 705
    Source Name: Bonjour Service
    Time Written: 20081114220238.000000+060
    Event Type: Informations
    User:

    Computer Name: 202878480001
    Event Code: 0
    Message:
    Record Number: 704
    Source Name: gusvc
    Time Written: 20081114220238.000000+060
    Event Type: Informations
    User:

    Computer Name: 202878480001
    Event Code: 20
    Message:
    Record Number: 703
    Source Name: Google Update
    Time Written: 20081114210604.000000+060
    Event Type: erreur
    User: 202878480001\maxime

    Computer Name: 202878480001
    Event Code: 20
    Message:
    Record Number: 702
    Source Name: Google Update
    Time Written: 20081114200602.000000+060
    Event Type: erreur
    User: 202878480001\maxime

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\PROGRA~1\FICHIE~1\SONICS~1;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    "PROCESSOR_REVISION"=0a00
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

    -----------------EOF-----------------
    a c 333 8 Security
    6 May 2009 16:41:09

    Indeed, run ComboFix.

    Since you can't manage to disable your antivirus, go ahead anyway.
    6 May 2009 18:48:00

    Back again. Here is the Combo Fix report.

    Quote:
    ComboFix 09-05-05.04 - maxime 06/05/2009 18:28.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.767.464 [GMT 2:00]
    Lancé depuis: c:\documents and settings\maxime\Bureau\Combo-Fix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
    AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
    FW: Norton Internet Security *disabled*
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\maxime\Application Data\pidle
    c:\documents and settings\maxime\Local Settings\Application Data\wimgwos.dat
    c:\documents and settings\maxime\Local Settings\Application Data\wimgwos.exe
    c:\documents and settings\maxime\Local Settings\Application Data\wimgwos_nav.dat
    c:\documents and settings\maxime\Local Settings\Application Data\wimgwos_navps.dat
    c:\windows\system32\404Fix.exe
    c:\windows\system32\afnoinkdsfe.dll
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\ak1.exe
    c:\windows\system32\awuzumap.ini
    c:\windows\system32\drivers\ovfsthhpqibchtcxrpopqfquumqnmxbyrwhwgp.sys
    c:\windows\system32\dumphive.exe
    c:\windows\system32\herawuve.dll
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\kebajuvi.exe
    c:\windows\system32\lmppcsetup.exe
    c:\windows\system32\loader49.exe
    c:\windows\system32\mudagisi.dll
    c:\windows\system32\ntdll64.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\ovfsthapiupepoacbhxpoiaxtdutbqalpetmvo.dll
    c:\windows\system32\ovfsthbftwbgmlexgkduukhaveusytxmttpkld.dat
    c:\windows\system32\ovfsthdwpcycryswkvnykdbyuiovfhnulexiow.dll
    c:\windows\system32\ovfsthjyimspehjwkpujobovvfxrgnseqrndes.dat
    c:\windows\system32\ovfsthwlwsvchrxkuqdrbqokkvdkoerqpfggnq.dll
    c:\windows\system32\p2hhr.bat
    c:\windows\system32\pamuzuwa.dll
    c:\windows\system32\Process.exe
    c:\windows\system32\rolivepa.dll
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\uniq.tll
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe
    c:\windows\system32\yhs783ijfo3fe.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ovfsthtnxrxvirxerxepmavsievobabvwtbvoq


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-06 au 2009-05-06 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-06 12:27 . 2009-05-06 12:28 -------- d-----w C:\rsit
    2009-05-02 20:00 . 2008-11-06 00:03 -------- d-----w C:\SDFix
    2009-05-02 19:55 . 2009-05-02 19:55 -------- d-----w c:\documents and settings\maxime\Local Settings\Application Data\Opera
    2009-05-01 10:33 . 2009-05-01 10:33 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
    2009-04-26 20:48 . 2009-04-26 20:48 -------- d-----w c:\program files\Fichiers communs\DVDVIDEOSOFT
    2009-04-15 10:45 . 2005-07-26 04:39 60416 ------w c:\windows\system32\dllcache\colbact.dll
    2009-04-15 10:45 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-15 10:45 . 2009-03-06 14:46 286208 ------w c:\windows\system32\dllcache\pdh.dll
    2009-04-15 10:45 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
    2009-04-15 10:45 . 2009-02-06 16:54 35328 ------w c:\windows\system32\dllcache\sc.exe
    2009-04-15 10:45 . 2009-02-09 10:20 399360 ------w c:\windows\system32\dllcache\rpcss.dll
    2009-04-15 10:45 . 2009-02-09 10:08 111104 ------w c:\windows\system32\dllcache\services.exe
    2009-04-15 10:45 . 2009-02-09 10:20 685056 ------w c:\windows\system32\dllcache\advapi32.dll
    2009-04-15 10:45 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-15 10:45 . 2009-02-09 10:20 739840 ------w c:\windows\system32\dllcache\ntdll.dll
    2009-04-15 10:44 . 2008-12-16 12:49 351232 ------w c:\windows\system32\dllcache\winhttp.dll
    2009-04-15 10:44 . 2008-04-21 21:27 219136 ------w c:\windows\system32\dllcache\wordpad.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-06 11:30 . 2009-05-06 11:30 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys.prepare
    2009-05-06 11:30 . 2009-05-06 11:30 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys.prepare
    2009-05-02 19:54 . 2008-04-17 17:55 -------- d-----w c:\program files\Opera
    2009-04-17 19:34 . 2006-12-24 13:53 -------- d-----w c:\program files\LimeWire
    2009-04-16 10:13 . 2004-08-16 15:41 76136 ----a-w c:\windows\system32\perfc00C.dat
    2009-04-16 10:13 . 2004-08-16 15:41 469622 ----a-w c:\windows\system32\perfh00C.dat
    2009-04-07 15:35 . 2008-02-24 15:49 -------- d-----w c:\program files\Dofus
    2009-04-05 21:22 . 2009-04-05 21:22 -------- d-----w c:\program files\Messenger Plus! Live
    2009-04-02 16:42 . 2009-04-02 16:42 -------- d-----w c:\program files\Microsoft
    2009-04-02 16:41 . 2009-04-02 16:41 -------- d-----w c:\program files\Windows Live SkyDrive
    2009-04-02 16:41 . 2008-05-11 23:19 -------- d-----w c:\program files\Windows Live
    2009-03-29 13:39 . 2009-03-22 21:03 -------- d-----w c:\program files\Privacy center
    2009-03-17 20:11 . 2009-03-17 20:11 -------- d-----w c:\program files\FM Modifier 2.2
    2009-03-06 14:46 . 2008-05-09 19:13 286208 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:13 . 2004-08-16 15:41 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 17:10 . 2008-05-09 19:15 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-20 10:48 . 2009-02-20 10:48 10520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-02-20 10:48 . 2008-12-15 20:11 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-02-09 14:17 . 2008-05-09 20:24 1846400 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 11:50 . 2008-05-09 20:24 2059776 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-09 11:50 . 2008-05-09 20:24 2182528 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-09 10:20 . 2008-05-09 20:25 730112 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 10:20 . 2008-05-09 20:25 685056 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 10:20 . 2008-05-09 19:13 399360 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 10:20 . 2008-05-09 20:24 739840 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 10:08 . 2008-05-09 20:24 111104 ----a-w c:\windows\system32\services.exe
    2009-02-06 16:54 . 2004-08-16 15:41 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
    2007-09-30 10:56 . 2006-11-15 18:04 11264 --sha-w c:\program files\Thumbs.db
    2006-12-01 16:30 . 2006-12-01 16:30 8 --sh--w c:\program files\.drv120405.dat
    2006-12-01 16:30 . 2006-12-01 16:30 8 --sh--w c:\program files\.data211204.dat
    2006-12-01 16:30 . 2006-12-01 16:30 8 --sh--w c:\program files\.data211004.dat
    2006-12-01 16:30 . 2006-12-01 16:30 8 --sh--w c:\program files\.data110704.dat
    2006-12-01 16:30 . 2006-12-01 16:30 8 --sh--w c:\program files\.dat000002.dat
    2006-12-01 16:30 . 2006-12-01 16:30 8 --sh--w c:\program files\.dat000001.dat
    2006-10-21 10:34 . 2007-05-20 12:02 544 ----a-w c:\program files\como instalar.txt
    2006-09-26 16:55 . 2007-05-20 12:02 49167680 ----a-w c:\program files\Setup FM2007 PC.exe
    2006-09-26 16:55 . 2007-05-20 12:02 389623 ----a-w c:\program files\Install FM2007 Mac.command
    2006-09-26 16:55 . 2007-05-20 12:02 456062653 ----a-w c:\program files\setup.jar
    2006-09-26 16:52 . 2007-05-20 12:02 13 ----a-w c:\program files\media.inf
    2006-09-26 14:21 . 2007-05-20 12:02 46592 ----a-w c:\program files\DrvMgt.dll
    2006-09-26 14:21 . 2007-05-20 12:02 163644 ----a-w c:\program files\SECDRV.SYS
    2006-09-12 15:08 . 2007-05-20 12:02 4233 ----a-w c:\program files\readme_English.txt
    2006-09-11 14:12 . 2007-05-20 12:02 23040 ----a-w c:\program files\autorun.exe
    2006-04-19 16:06 . 2006-04-19 16:06 774144 ----a-w c:\program files\RngInterstitial.dll
    2006-03-15 17:43 . 2006-04-17 13:43 4286 ----a-w c:\program files\wrench.ico
    2006-03-15 13:46 . 2006-04-17 13:43 2238 ----a-w c:\program files\888.com.ico
    .

    ------- Sigcheck -------

    [7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\SoftwareDistribution\Download\23e3f66e5660f16f52de7bb365a4a4e4\sp2gdr\tcpip.sys
    [7] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\SoftwareDistribution\Download\23e3f66e5660f16f52de7bb365a4a4e4\sp2qfe\tcpip.sys
    [-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\tcpip.sys
    [-] 2008-06-20 10:45 360320 01D5EAAFF224415A7FF513E4C882BE30 c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 10:45 360320 01D5EAAFF224415A7FF513E4C882BE30 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-10-23 180269]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

    c:\documents and settings\maxime\Menu Démarrer\Programmes\Démarrage\
    Outil de notification Live Search.lnk - c:\documents and settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-12-31 143360]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-02-20 10:48 10520 ----a-w c:\windows\system32\avgrsstx.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave1"= serwvdrv.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Antivirus Firewall.lnk
    backup=c:\windows\pss\Antivirus Firewall.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
    backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SymWSC"=2 (0x2)
    "SNDSrvc"=2 (0x2)
    "SBService"=2 (0x2)
    "SAVScan"=3 (0x3)
    "navapsvc"=3 (0x3)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    "ccEvtMgr"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AUtHorizedapplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
    "%ProgramFiles%\\AOL 9.0\\aol.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\APPS\\Inventime\\my.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
    "c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7072:TCP"= 7072:TCP:Microsoft standard protector

    R0 konutzbq;Microsoft RPC API Helper;c:\windows\system32\drivers\srfonkog.sys --> c:\windows\system32\drivers\srfonkog.sys [?]
    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 17:11 35328]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/12/2008 22:11 325128]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/02/2009 12:48 298264]
    R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [12/07/2008 20:22 6016]
    R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [01/01/1980 751104]
    R3 RTL8187B;TG123g USB Wireless Adapter;c:\windows\system32\drivers\RTL8187B.sys [03/11/2008 11:47 264576]
    S2 OPTENET_FILTER;Securitoo Contrôle Parental;c:\program files\Securitoo\Contrôle Parental\bin\optproxy.exe [02/04/2006 15:05 497744]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    rlssedmt
    ki?
    .
    Contenu du dossier 'Tâches planifiées'

    2009-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

    2009-05-06 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-16 18:58]

    2009-05-01 c:\windows\Tasks\Norton AntiVirus - Analyser mon ordinateur.job
    - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-08-22 19:06]

    2009-05-06 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-10-23 11:39]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{B2BA40A2-74F0-42BD-F434-12345A2C8953} - c:\windows\system32\yhs783ijfo3fe.dll
    HKCU-Run-wimgwos - c:\documents and settings\maxime\local settings\application data\wimgwos.exe
    HKLM-Run-prnet - c:\windows\system32\prnet.tmp
    HKLM-Run-kizanewezi - c:\windows\system32\romezeju.dll
    HKU-Default-Run-uidenhiufgsduiazghs - c:\windows\TEMP\qsmxf.exe
    SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\herawuve.dll
    SharedTaskScheduler-{B2BA40A2-74F0-42BD-F434-12345A2C8953} - c:\windows\system32\yhs783ijfo3fe.dll
    SharedTaskScheduler-{C2BA40A1-74F3-42BD-F434-12345A2C8953} - c:\windows\system32\afnoinkdsfe.dll


    .
    ------- Examen supplémentaire -------
    .
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\maxime\Application Data\Mozilla\Firefox\Profiles\uccy25lm.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.fr/
    FF - component: c:\documents and settings\maxime\Application Data\Mozilla\Firefox\Profiles\uccy25lm.default\extensions\{009b1404-eea3-44a5-8aab-910f8be039a2}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\maxime\Application Data\Mozilla\Firefox\Profiles\uccy25lm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - component: c:\documents and settings\maxime\Application Data\Mozilla\Firefox\Profiles\uccy25lm.default\extensions\{d4131e21-73f9-4b4d-97dc-49b34dfa34f2}\components\FFAlert.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-06 18:38
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ccEvtMgr]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MysqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SAVRT]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SNDSrvc]
    "ImagePath"="-"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-4283456765-272452730-2726728733-1006\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
    "GameDir"="c:\\Documents and Settings\\maxime\\Mes documents\\Sports Interactive\\Football Manager 2008\\games"
    "ShortlistDir"=""
    "ScreenshotsDir"="c:\\Documents and Settings\\maxime\\Mes documents\\Sports Interactive\\Football Manager 2008"
    "SaveDir"="c:\\Documents and Settings\\maxime\\Mes documents\\Sports Interactive\\Football Manager 2008\\"
    "HistoryDir"="c:\\Documents and Settings\\maxime\\Bureau\\FM Genie Scout 2008\\History Points"
    "LangDB"=""
    "LastSaveGame"="c:\\Documents and Settings\\maxime\\Mes documents\\Sports Interactive\\Football Manager 2008\\games\\CFA.fm"
    "Language"="French"
    "LoadLangDB"=dword:00000000
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "SkinID"=dword:00000001
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "WindowState"=dword:00000000
    "Currency"=dword:00000056
    "WindowHeight"=dword:00000365
    "WindowWidth"=dword:000003fc
    "WindowLeft"=dword:00000042
    "WindowTop"=dword:00000000
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""

    [HKEY_USERS\S-1-5-21-4283456765-272452730-2726728733-1006\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]

    [HKEY_USERS\S-1-5-21-4283456765-272452730-2726728733-1006\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
    "Width96"=dword:00000046
    "Position97"=dword:0000006d
    "Visible97"=dword:00000000
    "Width97"=dword:00000046
    "Position98"=dword:0000006e
    "Visible98"=dword:00000000
    "Width98"=dword:00000055
    "Position99"=dword:0000006f
    "Visible99"=dword:00000000
    "Width99"=dword:00000073
    "Position100"=dword:00000042
    "Visible100"=dword:00000000
    "Width100"=dword:00000041
    "Position101"=dword:00000070
    "Visible101"=dword:00000000
    "Width101"=dword:0000003c
    "Position102"=dword:00000071
    "Visible102"=dword:00000000
    "Width102"=dword:0000003c
    "Position103"=dword:00000072
    "Visible103"=dword:00000000
    "Width103"=dword:00000046
    "Position104"=dword:00000073
    "Visible104"=dword:00000000
    "Width104"=dword:0000003c
    "Position105"=dword:00000074
    "Visible105"=dword:00000000
    "Width105"=dword:00000041
    "Position106"=dword:0000000f
    "Visible106"=dword:00000001
    "Width106"=dword:00000066
    "Position107"=dword:0000000b
    "Visible107"=dword:00000001
    "Width107"=dword:00000028
    "Position108"=dword:00000043
    "Visible108"=dword:00000000
    "Width108"=dword:00000050
    "Position109"=dword:0000002f
    "Visible109"=dword:00000000
    "Width109"=dword:00000050
    "Position110"=dword:00000031
    "Visible110"=dword:00000000
    "Width110"=dword:00000055
    "Position111"=dword:00000032
    "Visible111"=dword:00000000
    "Width111"=dword:00000082
    "Position112"=dword:00000034
    "Visible112"=dword:00000000
    "Width112"=dword:00000087
    "Position113"=dword:00000075
    "Visible113"=dword:00000000
    "Width113"=dword:00000050
    "Position114"=dword:00000076
    "Visible114"=dword:00000000
    "Width114"=dword:00000050
    "Position115"=dword:00000077
    "Visible115"=dword:00000000
    "Width115"=dword:00000050
    "Position116"=dword:00000078
    "Visible116"=dword:00000000
    "Width116"=dword:00000050
    "Position117"=dword:00000079
    "Visible117"=dword:00000000
    "Width117"=dword:00000050
    "Position118"=dword:0000007a
    "Visible118"=dword:00000000
    "Width118"=dword:00000050
    "Position119"=dword:0000007b
    "Visible119"=dword:00000000
    "Width119"=dword:00000050
    "Position120"=dword:0000007c
    "Visible120"=dword:00000000
    "Width120"=dword:00000050
    "Position121"=dword:0000007d
    "Visible121"=dword:00000000
    "Width121"=dword:00000050
    "Position122"=dword:0000007e
    "Visible122"=dword:00000000
    "Width122"=dword:00000050
    "Position123"=dword:0000007f
    "Visible123"=dword:00000000
    "Width123"=dword:00000050
    "Position124"=dword:00000080
    "Visible124"=dword:00000000
    "Width124"=dword:00000050
    "Position125"=dword:00000081
    "Visible125"=dword:00000000
    "Width125"=dword:00000050
    "Position126"=dword:00000082
    "Visible126"=dword:00000000
    "Width126"=dword:00000050
    "Position127"=dword:00000083
    "Visible127"=dword:00000000
    "Width127"=dword:00000050
    "Position128"=dword:00000084
    "Visible128"=dword:00000000
    "Width128"=dword:00000050
    "Position129"=dword:00000085
    "Visible129"=dword:00000000
    "Width129"=dword:00000050
    "Position130"=dword:00000086
    "Visible130"=dword:00000000
    "Width130"=dword:00000050
    "Position131"=dword:00000087
    "Visible131"=dword:00000000
    "Width131"=dword:00000050
    "Position132"=dword:00000088
    "Visible132"=dword:00000000
    "Width132"=dword:00000050
    "Position133"=dword:00000089
    "Visible133"=dword:00000000
    "Width133"=dword:00000050
    "Position134"=dword:0000008a
    "Visible134"=dword:00000000
    "Width134"=dword:00000050
    "Position135"=dword:0000008b
    "Visible135"=dword:00000000
    "Width135"=dword:00000050
    "Position136"=dword:0000008c
    "Visible136"=dword:00000000
    "Width136"=dword:00000050
    "Position137"=dword:0000008d
    "Visible137"=dword:00000000
    "Width137"=dword:00000050
    "Position138"=dword:0000008e
    "Visible138"=dword:00000000
    "Width138"=dword:00000050
    "Position139"=dword:0000008f
    "Visible139"=dword:00000000
    "Width139"=dword:00000050
    "Position140"=dword:00000090
    "Visible140"=dword:00000000
    "Width140"=dword:00000050
    "Position141"=dword:00000091
    "Visible141"=dword:00000000
    "Width141"=dword:00000050
    "Position142"=dword:00000092
    "Visible142"=dword:00000000
    "Width142"=dword:00000050
    "Position143"=dword:00000093
    "Visible143"=dword:00000000
    "Width143"=dword:00000050
    "Position144"=dword:00000094
    "Visible144"=dword:00000000
    "Width144"=dword:00000050
    "Position145"=dword:00000095
    "Visible145"=dword:00000000
    "Width145"=dword:00000050
    "Position146"=dword:00000004
    "Visible146"=dword:00000000
    "Width146"=dword:00000037
    "Position147"=dword:00000005
    "Visible147"=dword:00000000
    "Width147"=dword:00000028
    "Position148"=dword:00000006
    "Visible148"=dword:00000000
    "Width148"=dword:00000037
    "Position149"=dword:00000007
    "Visible149"=dword:00000001
    "Width149"=dword:00000032

    [HKEY_USERS\S-1-5-21-4283456765-272452730-2726728733-1006\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]

    [HKEY_USERS\S-1-5-21-4283456765-272452730-2726728733-1006\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
    "AMReflexesCoef"=dword:00000005
    "AMRushingOutCoef"=dword:00000000
    "AMTendencyToPunchCoef"=dword:00000000
    "AMThrowingCoef"=dword:00000000
    "AMAdaptabilityCoef"=dword:00000005
    "AMAmbitionCoef"=dword:0000000a
    "AMControversyCoef"=dword:fffffffb
    "AMLoyalityCoef"=dword:00000005
    "AMPressureCoef"=dword:00000005
    "AMProfessionalismCoef"=dword:00000005
    "AMSportsmanshipCoef"=dword:00000005
    "AMTemperamentCoef"=dword:00000005
    "WWeightCoef"=dword:00000069
    "WCurrentAbilityCoef"=dword:00000000
    "WCornersCoef"=dword:0000000a
    "WCrossingCoef"=dword:00000064
    "WDribblingCoef"=dword:00000064
    "WFinishingCoef"=dword:0000003c
    "WFirstTouchCoef"=dword:0000001e
    "WFreeKicksCoef"=dword:0000000a
    "WHeadingCoef"=dword:00000014
    "WLongShotsCoef"=dword:00000014
    "WLongThrowsCoef"=dword:00000005
    "WMarkingCoef"=dword:0000000a
    "WPassingCoef"=dword:0000003c
    "WPenaltiesCoef"=dword:00000005
    "WTacklingCoef"=dword:0000000a
    "WTechniqueCoef"=dword:00000050
    "WLeftFootCoef"=dword:00000005
    "WRightFootCoef"=dword:00000005
    "WAggressionCoef"=dword:0000000a
    "WAnticipationCoef"=dword:00000014
    "WBraveryCoef"=dword:0000000a
    "WComposureCoef"=dword:0000000a
    "WConcentrationCoef"=dword:0000000a
    "WConsistencyCoef"=dword:0000000a
    "WCreativityCoef"=dword:0000003c
    "WDecisionsCoef"=dword:00000014
    "WDeterminationCoef"=dword:0000000a
    "WDirtinessCoef"=dword:fffffffb
    "WFlairCoef"=dword:0000000a
    "WImportantMatchesCoef"=dword:00000014
    "WInfluenceCoef"=dword:0000000a
    "WOffTheBallCoef"=dword:0000003c
    "WPositioningCoef"=dword:00000014
    "WTeamworkCoef"=dword:0000001e
    "WWorkRateCoef"=dword:0000001e
    "WAccelerationCoef"=dword:00000050
    "WAgilityCoef"=dword:00000014
    "WBalanceCoef"=dword:0000000a
    "WInjuryPronenessCoef"=dword:fffffffb
    "WJumpingCoef"=dword:00000014
    "WNaturalFitnessCoef"=dword:00000005
    "WPaceCoef"=dword:00000064
    "WStaminaCoef"=dword:0000003c
    "WStrengthCoef"=dword:00000014
    "WVersatilityCoef"=dword:00000005
    "WAerialAbilityCoef"=dword:00000000
    "WCommandOfAreaCoef"=dword:00000000
    "WCommunicationCoef"=dword:00000000
    "WEccentricityCoef"=dword:00000000
    "WHandlingCoef"=dword:00000000
    "WKickingCoef"=dword:00000000
    "WOneOnOnesCoef"=dword:00000005
    "WReflexesCoef"=dword:00000005
    "WRushingOutCoef"=dword:00000000
    "WTendencyToPunchCoef"=dword:00000000
    "WThrowingCoef"=dword:00000000
    "WAdaptabilityCoef"=dword:00000005
    "WAmbitionCoef"=dword:0000000a
    "WControversyCoef"=dword:fffffffb
    "WLoyalityCoef"=dword:00000005
    "WPressureCoef"=dword:00000005
    "WProfessionalismCoef"=dword:00000005
    "WSportsmanshipCoef"=dword:00000005
    "WTemperamentCoef"=dword:00000005
    "FSTWeightCoef"=dword:00000067
    "FSTCurrentAbilityCoef"=dword:00000000
    "FSTCornersCoef"=dword:0000000a
    "FSTCrossingCoef"=dword:0000000a
    "FSTDribblingCoef"=dword:00000050
    "FSTFinishingCoef"=dword:00000064
    "FSTFirstTouchCoef"=dword:00000028
    "FSTFreeKicksCoef"=dword:0000000a
    "FSTHeadingCoef"=dword:00000028
    "FSTLongShotsCoef"=dword:00000014
    "FSTLongThrowsCoef"=dword:00000000
    "FSTMarkingCoef"=dword:00000000
    "FSTPassingCoef"=dword:00000028
    "FSTPenaltiesCoef"=dword:00000005
    "FSTTacklingCoef"=dword:00000000
    "FSTTechniqueCoef"=dword:00000050
    "FSTLeftFootCoef"=dword:00000005
    "FSTRightFootCoef"=dword:00000005
    "FSTAggressionCoef"=dword:0000000a
    "FSTAnticipationCoef"=dword:0000000a
    "FSTBraveryCoef"=dword:0000000a
    "FSTComposureCoef"=dword:0000000a
    "FSTConcentrationCoef"=dword:0000000a
    "FSTConsistencyCoef"=dword:0000000a
    "FSTCreativityCoef"=dword:00000028
    "FSTDecisionsCoef"=dword:0000000a
    "FSTDeterminationCoef"=dword:0000000a
    "FSTDirtinessCoef"=dword:fffffffb
    "FSTFlairCoef"=dword:0000000a
    "FSTImportantMatchesCoef"=dword:0000000a
    "FSTInfluenceCoef"=dword:0000000a
    "FSTOffTheBallCoef"=dword:00000050
    "FSTPositioningCoef"=dword:0000000a
    "FSTTeamworkCoef"=dword:0000000a
    "FSTWorkRateCoef"=dword:0000000a
    "FSTAccelerationCoef"=dword:00000064
    "FSTAgilityCoef"=dword:00000028
    "FSTBalanceCoef"=dword:0000000a
    "FSTInjuryPronenessCoef"=dword:fffffffb
    "FSTJumpingCoef"=dword:00000014
    "FSTNaturalFitnessCoef"=dword:00000005
    "FSTPaceCoef"=dword:00000064
    "FSTStaminaCoef"=dword:00000028
    "FSTStrengthCoef"=dword:00000014
    "FSTVersatilityCoef"=dword:00000005
    "FSTAerialAbilityCoef"=dword:00000000
    "FSTCommandOfAreaCoef"=dword:00000000
    "FSTCommunicationCoef"=dword:00000000
    "FSTEccentricityCoef"=dword:00000000
    "FSTHandlingCoef"=dword:00000000
    "FSTKickingCoef"=dword:00000000
    "FSTOneOnOnesCoef"=dword:00000005
    "FSTReflexesCoef"=dword:00000005
    "FSTRushingOutCoef"=dword:00000000
    "FSTTendencyToPunchCoef"=dword:00000000
    "FSTThrowingCoef"=dword:00000000
    "FSTAdaptabilityCoef"=dword:00000005
    "FSTAmbitionCoef"=dword:0000000a
    "FSTControversyCoef"=dword:fffffffb
    "FSTLoyalityCoef"=dword:00000005
    "FSTPressureCoef"=dword:00000005
    "FSTProfessionalismCoef"=dword:00000005
    "FSTSportsmanshipCoef"=dword:00000005
    "FSTTemperamentCoef"=dword:00000005
    "TSTWeightCoef"=dword:00000068
    "TSTCurrentAbilityCoef"=dword:00000000
    "TSTCornersCoef"=dword:00000000
    "TSTCrossingCoef"=dword:0000000a
    "TSTDribblingCoef"=dword:0000003c
    "TSTFinishingCoef"=dword:00000050
    "TSTFirstTouchCoef"=dword:0000001e
    "TSTFreeKicksCoef"=dword:0000000a
    "TSTHeadingCoef"=dword:00000064
    "TSTLongShotsCoef"=dword:00000014
    "TSTLongThrowsCoef"=dword:00000000
    "TSTMarkingCoef"=dword:00000000
    "TSTPassingCoef"=dword:00000028
    "TSTPenaltiesCoef"=dword:00000005
    "TSTTacklingCoef"=dword:00000000
    "TSTTechniqueCoef"=dword:00000028
    "TSTLeftFootCoef"=dword:00000005
    "TSTRightFootCoef"=dword:00000005
    "TSTAggressionCoef"=dword:00000014
    "TSTAnticipationCoef"=dword:0000000a
    "TSTBraveryCoef"=dword:00000014
    "TSTComposureCoef"=dword:0000000a
    "TSTConcentrationCoef"=dword:0000000a
    "TSTConsistencyCoef"=dword:0000000a
    "TSTCreativityCoef"=dword:00000014
    "TSTDecisionsCoef"=dword:0000000a
    "TSTDeterminationCoef"=dword:0000000a
    "TSTDirtinessCoef"=dword:fffffffb
    "TSTFlairCoef"=dword:0000000a
    "TSTImportantMatchesCoef"=dword:0000000a
    "TSTInfluenceCoef"=dword:0000000a
    "TSTOffTheBallCoef"=dword:00000050
    "TSTPositioningCoef"=dword:00000014
    "TSTTeamworkCoef"=dword:0000000a
    "TSTWorkRateCoef"=dword:0000000a
    "TSTAccelerationCoef"=dword:00000028
    "TSTAgilityCoef"=dword:00000014
    "TSTBalanceCoef"=dword:00000014
    "TSTInjuryPronenessCoef"=dword:fffffffb
    "TSTJumpingCoef"=
    6 May 2009 18:50:45

    (Continued)

    "TSTNaturalFitnessCoef"=dword:00000005
    "TSTPaceCoef"=dword:00000028
    "TSTStaminaCoef"=dword:00000014
    "TSTStrengthCoef"=dword:00000050
    "TSTVersatilityCoef"=dword:00000005
    "TSTAerialAbilityCoef"=dword:00000000
    "TSTCommandOfAreaCoef"=dword:00000000
    "TSTCommunicationCoef"=dword:00000000
    "TSTEccentricityCoef"=dword:00000000
    "TSTHandlingCoef"=dword:00000000
    "TSTKickingCoef"=dword:00000000
    "TSTOneOnOnesCoef"=dword:00000005
    "TSTReflexesCoef"=dword:00000005
    "TSTRushingOutCoef"=dword:00000000
    "TSTTendencyToPunchCoef"=dword:00000000
    "TSTThrowingCoef"=dword:00000000
    "TSTAdaptabilityCoef"=dword:00000005
    "TSTAmbitionCoef"=dword:0000000a
    "TSTControversyCoef"=dword:fffffffb
    "TSTLoyalityCoef"=dword:00000005
    "TSTPressureCoef"=dword:00000005
    "TSTProfessionalismCoef"=dword:00000005
    "TSTSportsmanshipCoef"=dword:00000005
    "TSTTemperamentCoef"=dword:00000005

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(3076)
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\documents and settings\maxime\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-05-06 18:45 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-05-06 16:45
    ComboFix2.txt 2008-12-28 13:53
    ComboFix3.txt 2008-12-27 21:07

    Avant-CF: 85 429 051 392 octets libres
    Après-CF: 85 466 779 648 octets libres
    a c 333 8 Security
    6 May 2009 19:16:16

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab (Mise à jour), click the Check for Updates button (Recherche de mise à jour): if the firewall asks whether MBAM may connect to the Internet, accept.
  • Once the update has finished, go to the Scanner tab (Recherche).
  • Select Perform quick scan (Exécuter un examen rapide).
  • Click Scan (Rechercher). The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results (Afficher les résultats).
  • Select everything (or leave it checked) and click Remove Selected (Supprimer la sélection); MBAM will destroy the infected files and registry keys and place a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
    6 May 2009 20:24:35

    Where is the report? After I closed the browser and was waiting for the report to appear, my computer restarted. Thanks.
    a c 333 8 Security
    6 May 2009 20:35:01

    In MBAM, the Logs tab (Rapports/Logs).
    6 May 2009 20:44:30

    Thanks. Here is the report.


    Quote:

    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 1945
    Windows 5.1.2600 Service Pack 2

    06/05/2009 20:17:40
    mbam-log-2009-05-06 (20-17-40).txt

    Type de recherche: Examen rapide
    Eléments examinés: 101375
    Temps écoulé: 6 minute(s), 45 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 9
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 5
    Fichier(s) infecté(s): 13

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\spbho.tiebho (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\Privacy center (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Documents and Settings\maxime\Application Data\Privacy center (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Documents and Settings\maxime\Application Data\Privacy center\dbases (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Documents and Settings\maxime\Application Data\Privacy center\keys (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Documents and Settings\maxime\Application Data\Privacy center\temp (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\maxime\Application Data\Privacy center\dbases\cg.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Documents and Settings\maxime\Application Data\Privacy center\dbases\mw.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Documents and Settings\maxime\Application Data\Privacy center\dbases\rd.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Documents and Settings\maxime\Application Data\Privacy center\dbases\sc.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Documents and Settings\maxime\Application Data\Privacy center\dbases\sm.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Documents and Settings\maxime\Application Data\Privacy center\dbases\sp.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Documents and Settings\maxime\Application Data\Privacy center\keys\cg.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Documents and Settings\maxime\Application Data\Privacy center\keys\rd.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Documents and Settings\maxime\Application Data\Privacy center\keys\sc.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Documents and Settings\maxime\Application Data\Privacy center\keys\sp.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Documents and Settings\maxime\Application Data\Privacy center\temp\settings.ini (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Program Files\DrvMgt.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Program Files\eoRezo (Rogue.Eorezo) -> Delete on reboot.
    a c 333 8 Security
    6 May 2009 23:39:42

  • Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.

    /!\ Disconnect and close all running applications /!\

  • Double-click the installer and install it in its default location (C:\Program files).
  • Double-click the Ad-Remover shortcut on your Desktop.
    (On Vista, right-click the Ad-Remover shortcut and choose Run as administrator)
  • In the main menu, choose option A.
  • Post the report that appears at the end (C:\Ad-Report-Scan-(date).log).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    7 May 2009 17:21:26

    Here is the report:

    Quote:


    ------- LOGFILE OF AD-REMOVER 1.1.3.6 | ONLY XP/VISTA -------

    Updated by C_XX on 05/05/2009 at 21:20
    Contact: AdRemover.contact@gmail.com
    Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

    Start at: 16:59:42, 07/05/2009 | Boot mode: Normal Boot
    Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
    Computer Name: 202878480001
    Current User: maxime - Administrator
    Drive(s):
    - C:\ (File System: NTFS)
    - E:\ (File System: UDF)

    ============ Known Adwares Found ============

    .
    HKCU\Software\VB and VBA Program Settings\eurobarre
    .
    C:\Documents and Settings\maxime\Menudm~1\Progra~1\Eurobarre
    C:\Documents and Settings\maxime\Application Data\Mozilla\Firefox\Profiles\uccy25lm.default\EBSuggestHistory

    +-----------------| Eorezo Elements Found:

    HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    HKCU\Software\EoRezo
    HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    .
    C:\Program Files\EoRezo
    C:\Documents and Settings\maxime\Application Data\EoRezo

    +-----------------| It's TV Elements Found:

    .

    +-----------------| Sweetim Elements Found:

    HKCR\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
    HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
    HKCU\Software\SWEETIE
    HKLM\Software\Classes\TypeLib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
    HKLM\Software\Classes\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
    HKLM\Software\Macrogaming
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    .
    C:\WINDOWS\Installer\78aac2.msi
    C:\WINDOWS\Installer\78aac7.msi
    C:\Program Files\Macrogaming

    +-----------------| Added Scan:

    ---- Mozilla FireFox Version 3.0.10 ----

    ProfilePath: uccy25lm.default (maxime)
    .
    Prefs.js: Browser.Search.DefaultEngineName: "Live Search"
    Prefs.js: Browser.Search.SelectedEngine: "Google"
    Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
    .
    (Prefs.js) FOUND: user_pref("CT1587331.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
    (Prefs.js) FOUND: user_pref("CT1587331.CTPBaseServerUrl", "http://services.conduit.com/");
    (Prefs.js) FOUND: user_pref("CT1587331.Server", "http://users.conduit.com");
    (Prefs.js) FOUND: user_pref("CT1765355.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
    (Prefs.js) FOUND: user_pref("CT1765355.CTPBaseServerUrl", "http://services.conduit.com/");
    (Prefs.js) FOUND: user_pref("CT1765355.Server", "http://users.conduit.com");
    .
    .
    .
    .

    +---------------------------------------------------------------------------+

    6419 Byte(s) - C:\Ad-Report-Scan-07.05.2009.log


    End at: 17:17:38 | 07/05/2009
    .
    +-----------------| E.O.F



    Note that an error message appeared at one point:

    a c 333 8 Security
    7 May 2009 17:26:24

    /!\ Disconnect and close all running applications /!\

  • Double-click the Ad-Remover shortcut to launch it.
    (On Vista, right-click the Ad-Remover shortcut and choose Run as administrator)

  • In the main menu, choose option B.

  • Check A on the selection screen:



  • Then choose S; the program will get to work.

  • Post the report that appears at the end (C:\Ad-Report-Clean-(date).log).

    /!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm /!\
    7 May 2009 18:20:13

    Here is the report!

    Quote:

    ------- LOGFILE OF AD-REMOVER 1.1.3.6 | ONLY XP/VISTA -------

    Updated by C_XX on 05/05/2009 at 21:20
    Contact: AdRemover.contact@gmail.com
    Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

    **** LIMITED TO ****

    Known Adwares
    Eorezo
    It's TV
    Sweetim

    ********************

    Start at: 17:54:53, 07/05/2009 | Boot mode: Normal Boot
    Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
    Computer Name: 202878480001
    Current User: maxime - Administrator
    Drive(s):
    - C:\ (File System: NTFS)
    - E:\ (File System: UDF)

    (!) ---- IE start pages/Tabs reset

    ============ Known Adwares Deleted ============

    .
    HKCU\Software\VB and VBA Program Settings\eurobarre
    .
    C:\Documents and Settings\maxime\Menudm~1\Progra~1\Eurobarre
    C:\Documents and Settings\maxime\Application Data\Mozilla\Firefox\Profiles\uccy25lm.default\EBSuggestHistory

    +-----------------| Eorezo Elements Deleted :

    HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    HKCU\Software\EoRezo
    .
    C:\Program Files\EoRezo
    C:\Documents and Settings\maxime\Application Data\EoRezo

    +-----------------| It's TV Elements Deleted :

    .

    +-----------------| Sweetim Elements Deleted :

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    HKCR\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
    HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
    HKCU\Software\SWEETIE
    HKLM\Software\Macrogaming
    .
    C:\WINDOWS\Installer\78aac2.msi
    C:\WINDOWS\Installer\78aac7.msi
    C:\Program Files\Macrogaming

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.



    +-----------------| Added Scan :

    ---- Mozilla FireFox Version 3.0.10 ----

    ProfilePath: uccy25lm.default (maxime)
    .
    Prefs.js: Browser.Search.DefaultEngineName: "Live Search"
    Prefs.js: Browser.Search.SelectedEngine: "Google"
    Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
    .
    (Prefs.js) REMOVED: user_pref("CT1587331.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
    (Prefs.js) REMOVED: user_pref("CT1587331.CTPBaseServerUrl", "http://services.conduit.com/");
    (Prefs.js) REMOVED: user_pref("CT1587331.Server", "http://users.conduit.com");
    (Prefs.js) REMOVED: user_pref("CT1765355.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
    (Prefs.js) REMOVED: user_pref("CT1765355.CTPBaseServerUrl", "http://services.conduit.com/");
    (Prefs.js) REMOVED: user_pref("CT1765355.Server", "http://users.conduit.com");
    .
    .
    .
    .

    +---------------------------------------------------------------------------+


    a c 333 8 Security
    7 May 2009 18:33:34

  • Uninstall Ad-Remover.

  • Run MBAM again, go to Quarantine and delete everything.

  • Start menu > Run > type combofix /u and confirm.

  • Run a new RSIT scan and post the log report.
    7 May 2009 18:45:02

    For step 3, it says "Windows cannot find combofix"! ...
    a c 333 8 Security
    7 May 2009 18:48:43

    That's not a problem.

    RSIT: Random's System Information Tool
    7 May 2009 18:53:29

    Thanks, where can I find RSIT? Have I already downloaded it?
    a c 333 8 Security
    7 May 2009 18:55:19

    Yes, right at the start.
    7 May 2009 19:03:42

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by maxime at 2009-05-07 19:02:52
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 81 GB (55%) free of 147 GB
    Total RAM: 767 MB (44% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:03:09, on 07/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\maxime\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\maxime.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
    HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
    HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"

    [DeleteTemplates.reg]
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"

    [DeleteAutosearch.reg]
    ; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
    HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"

    [Strings]
    START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
    SEARCH_PAGE_URL="http://www.microsoft.com/isapi/
    O14 - IERESET.INF: CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
    HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
    HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"

    [DeleteTemplates.reg]
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"

    [DeleteAutosearch.reg]
    ; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
    HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"

    [Strings]
    START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
    SEARCH_PAGE_URL="http://www.microsoft.com/isapi/
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - - (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Securitoo Contrôle Parental (OPTENET_FILTER) - WANADOO - C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - - (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)

    --
    End of file - 9025 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-20 1968920]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-12 4112384]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2004-10-23 180269]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    c:\apps\ABoard\ABoard.exe [2003-05-02 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
    C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-20 1601304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    - []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
    C:\Program Files\Labtec\Mouse\V3.0\moffice.exe [2006-10-07 958464]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2005-01-12 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2004-07-12 4112384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\WINDOWS\system32\NvMcTray.dll [2004-07-12 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /installquiet []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
    C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    c:\Apps\Powercinema\PCMService.exe [2004-10-08 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
    C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-04-24 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-01-01 95960]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    C:\WINDOWS\system32\mobsync.exe [2004-08-05 144384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2004-10-23 180269]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
    C:\Program Files\Norton Internet Security\UrlLstCk.exe [2004-01-27 70760]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
    C:\Program Files\USB Disk Win98 Driver\Res.EXE [2005-09-14 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -u []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express]
    C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe [2006-02-16 295936]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vaderetro Outlook]
    C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe [2006-07-22 44544]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]
    C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\fspex.exe -startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-05-29 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    C:\PROGRA~1\Google\GOOGLE~3\GOOGLE~1.EXE [2009-03-25 161776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SymWSC"=2
    "SNDSrvc"=2
    "SBService"=2
    "SAVScan"=3
    "navapsvc"=3
    "ccSetMgr"=2
    "ccPwdSvc"=3
    "ccProxy"=2
    "ccEvtMgr"=2

    C:\Documents and Settings\maxime\Menu Démarrer\Programmes\Démarrage
    Outil de notification Live Search.lnk - C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2009-02-20 10520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
    "%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
    "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
    "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:p ANDORA"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\APPS\Inventime\my.exe"="C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe"="C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009"
    "C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
    "C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{142ad468-7af3-11da-821b-806d6172696f}]
    shell\AutoRun\command - E:\autorun.exe


    ======List of files/folders created in the last 1 months======

    2009-05-07 16:59:22 ----D---- C:\Program Files\Ad-remover
    2009-05-06 20:45:31 ----SHD---- C:\RECYCLER
    2009-05-06 19:53:18 ----D---- C:\Documents and Settings\maxime\Application Data\Malwarebytes
    2009-05-06 19:53:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-05-06 19:53:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-05-06 18:45:19 ----D---- C:\WINDOWS\temp
    2009-05-06 18:45:17 ----A---- C:\ComboFix.txt
    2009-05-06 14:27:23 ----D---- C:\rsit
    2009-05-06 13:30:07 ----A---- C:\WINDOWS\system32\avgrsstx.dll.prepare
    2009-05-02 22:04:09 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-05-02 22:00:47 ----D---- C:\SDFix
    2009-04-26 22:48:47 ----D---- C:\Program Files\Fichiers communs\DVDVIDEOSOFT

    ======List of files/folders modified in the last 1 months======

    2009-05-07 18:18:41 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-07 18:13:13 ----D---- C:\WINDOWS
    2009-05-07 18:13:12 ----RD---- C:\Program Files
    2009-05-07 18:12:51 ----SHD---- C:\WINDOWS\Installer
    2009-05-07 17:32:00 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-05-07 16:31:41 ----SD---- C:\WINDOWS\Tasks
    2009-05-07 16:31:36 ----A---- C:\WINDOWS\ModemLog_Aztech CNR2900 V.90 Modem.txt
    2009-05-06 22:45:08 ----D---- C:\Documents and Settings\maxime\Application Data\OpenOffice.org2
    2009-05-06 21:41:22 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-05-06 20:18:38 ----D---- C:\WINDOWS\system32\drivers
    2009-05-06 20:18:38 ----D---- C:\WINDOWS\system32
    2009-05-06 19:53:18 ----D---- C:\WINDOWS\Prefetch
    2009-05-06 18:45:21 ----D---- C:\Qoobox
    2009-05-06 18:43:36 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-05-06 18:38:35 ----A---- C:\WINDOWS\system.ini
    2009-05-06 18:35:07 ----D---- C:\WINDOWS\system32\config
    2009-05-06 18:34:52 ----D---- C:\WINDOWS\ERDNT
    2009-05-06 18:32:32 ----D---- C:\WINDOWS\AppPatch
    2009-05-06 18:32:22 ----D---- C:\Program Files\Fichiers communs
    2009-05-06 13:31:56 ----D---- C:\WINDOWS\Minidump
    2009-05-05 23:11:07 ----D---- C:\Documents and Settings\maxime\Application Data\uTorrent
    2009-05-05 15:27:59 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2009-05-04 23:37:53 ----A---- C:\WINDOWS\win.ini
    2009-05-04 21:48:59 ----HD---- C:\$AVG8.VAULT$
    2009-05-02 21:54:58 ----HD---- C:\Config.Msi
    2009-05-02 21:54:50 ----D---- C:\Program Files\Opera
    2009-05-02 16:27:31 ----A---- C:\Documents and Settings\maxime\Application Data\QuickZip45.ini
    2009-05-01 15:36:46 ----A---- C:\WINDOWS\VFIND.exe
    2009-05-01 14:46:51 ----A---- C:\rapport.txt
    2009-05-01 14:39:26 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-05-01 12:36:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-05-01 12:34:28 ----D---- C:\WINDOWS\Debug
    2009-04-29 22:20:19 ----HD---- C:\WINDOWS\inf
    2009-04-29 22:20:14 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-04-29 14:09:27 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-26 23:41:05 ----D---- C:\Documents and Settings\maxime\Application Data\AVGTOOLBAR
    2009-04-17 21:34:25 ----D---- C:\Program Files\LimeWire
    2009-04-16 12:13:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-04-16 12:08:02 ----D---- C:\WINDOWS\system32\wbem
    2009-04-16 03:25:38 ----D---- C:\WINDOWS\system32\fr-fr
    2009-04-16 03:25:38 ----D---- C:\Program Files\Internet Explorer

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-05 41600]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-20 325128]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-20 27656]
    R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
    R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
    R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
    R3 Cap713x;Cap713x Video Capture; C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-08 751104]
    R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-11 41984]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2006-10-07 62592]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2003-02-16 210128]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-12 2459968]
    R3 RTL8187B;TG123g USB Wireless Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-07-18 264576]
    R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2003-02-16 516616]
    R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]
    R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-01-21 11544]
    R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-01-21 172216]
    R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-01-21 35000]
    R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20080508.002\symidsco.sys []
    R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-01-21 46808]
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-01-21 26424]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    S1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
    S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
    S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
    S3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 196368]
    S3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-27 25280]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2003-02-16 1293192]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060520.005\NAVENG.Sys []
    S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060520.005\NavEx15.Sys []
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2003-02-05 162136]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2003-02-16 85520]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
    S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
    S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 12672]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 SAVRT;SAVRT; - []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [2004-02-25 1123440]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-20 298264]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-12 114755]
    R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-01-17 45056]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
    R3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe []
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
    S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe /service []
    S2 OPTENET_FILTER;Securitoo Contrôle Parental; C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe [2004-07-28 497744]
    S2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe /service []
    S2 XCOMM;BitDefender Communicator; C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe /service []
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-13 72704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 ccEvtMgr;Symantec Event Manager; - []
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-15 654848]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
    S3 MysqlInventime;MysqlInventime; c:\mysql\bin\mysqld-nt MysqlInventime []
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
    S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
    S3 SNDSrvc;Symantec Network Drivers Service; - []
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S4 ccProxy;Symantec Network Proxy; C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe [2005-03-21 218712]
    S4 ccPwdSvc;Symantec Password Validation; C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe [2006-01-11 87696]
    S4 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2006-01-11 235152]
    S4 navapsvc;Service Norton AntiVirus Auto-Protect; C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2003-12-04 158640]
    S4 SAVScan;SAVScan; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-01-25 194272]
    S4 SBService;ScriptBlocking Service; C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe [2003-06-24 66784]
    S4 SymWSC;SymWMI Service; C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]

    -----------------EOF-----------------
    a c 333 8 Security
    7 May 2009 19:20:08

  • Remove the traces of Norton with this.

  • Remove the traces of BitDefender with this.

  • Download Navilog1 (by IL-MAFIOSO) to your Desktop.
  • Double-click Navilog1.exe to start the installation.
  • If the fix does not start automatically after installation, double-click the Navilog1 shortcut on the Desktop.
    (On Vista, right-click the Navilog1 shortcut and choose Run as administrator)
  • Press F or f, then confirm with Enter.
  • Press a key on your keyboard each time you are asked to; you will reach the options menu.
  • Choose option 1 and press Enter to confirm your choice.
  • Wait for the message: *** Analyse terminée le ..... ***
  • Once the scan has finished, Notepad will open with the report; post the content of this report in your next reply.
  • If the scan result is not displayed, you will find it in C:\fixnavi.txt

    Do not use options 2, 3 and 4 without our approval; legitimate files may be included in this scan.
    7 May 2009 21:03:02

    Here is the report!!!



    Search Navipromo version 3.7.6 commencé le 07/05/2009 à 20:47:54,01

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 3000+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : maxime ( Administrator )
    BOOT : Normal boot

    Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)


    C:\ (Local Disk) - NTFS - Total:144 Go (Free:101 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)


    Recherche executé en mode normal


    *** Recherche dossiers dans "C:\WINDOWS" ***


    *** Recherche dossiers dans "C:\Program Files" ***

    ...\Live-Player trouvé !

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\maxime\applic~1" ***

    ...\Live-Player trouvé !

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ANDR~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\annie\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\EMULE_~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\jerome\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\maxime\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ANDR~1\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\annie\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\EMULE_~1\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\jerome\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\maxime\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ANDR~1\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\annie\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\EMULE_~1\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\jerome\menudm~1\progra~1" ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\maxime\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\ANDR~1\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\annie\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\EMULE_~1\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\jerome\locals~1\applic~1" *



    *** Recherche fichiers ***



    *** Recherche clés spécifiques dans le Registre ***
    !! Les clés trouvées ne sont pas forcément infectées !!


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :


    * Dans "C:\Documents and Settings\maxime\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\ANDR~1\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\annie\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\EMULE_~1\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\jerome\locals~1\applic~1" :


    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group trouvé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit trouvé !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche autres dossiers et fichiers connus :



    *** Analyse terminée le 07/05/2009 à 21:01:43,50 ***
    a c 333 8 Security
    7 May 2009 21:14:22

  • Run Navilog1 again, choose option 2 and post the report (C:\cleannavi.txt).

    ---> The following programs install this infection:
  • Funky Emoticons
  • Games Attack
  • Go-Astro
  • GoRecord
  • HotTVPlayer
  • Live-Player
  • MailSkinner
  • Messenger Skinner
  • Instant Access
  • InternetGameBox
  • Sudoplanet
  • WebMediaPlayer: except the one from the following site > http://www.azertysite.new.fr/
    7 May 2009 22:00:37

    Report:


    Clean Navipromo version 3.7.6 commencé le 07/05/2009 à 21:52:24,90

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 3000+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : maxime ( Administrator )
    BOOT : Normal boot

    Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)


    C:\ (Local Disk) - NTFS - Total:144 Go (Free:101 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD) - CDFS - Total:4 Go (Free:0 Go)


    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS


    Nettoyage exécuté au redémarrage de l'ordinateur


    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\WINDOWS\System32" *


    * Suppression dans "C:\Documents and Settings\maxime\locals~1\applic~1" *


    * Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

    * Suppression dans "C:\DOCUME~1\ANDR~1\locals~1\applic~1" *

    * Suppression dans "C:\DOCUME~1\annie\locals~1\applic~1" *

    * Suppression dans "C:\DOCUME~1\EMULE_~1\locals~1\applic~1" *

    * Suppression dans "C:\DOCUME~1\jerome\locals~1\applic~1" *


    *** Suppression dossiers dans "C:\WINDOWS" ***


    *** Suppression dossiers dans "C:\Program Files" ***

    ...\Live-Player ...suppression...
    ...\Live-Player supprimé !


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


    *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\maxime\applic~1" ***

    ...\Live-Player ...suppression...
    ...\Live-Player supprimé !


    *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\ANDR~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\annie\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\EMULE_~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\jerome\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\maxime\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\ANDR~1\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\annie\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\EMULE_~1\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\jerome\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\maxime\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\ANDR~1\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\annie\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\EMULE_~1\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\jerome\menudm~1\progra~1" ***



    *** Suppression fichiers ***


    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\maxime\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans "C:\WINDOWS\system32" *


    * Dans "C:\Documents and Settings\maxime\locals~1\applic~1" *


    * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


    * Dans "C:\DOCUME~1\ANDR~1\locals~1\applic~1" *


    * Dans "C:\DOCUME~1\annie\locals~1\applic~1" *


    * Dans "C:\DOCUME~1\EMULE_~1\locals~1\applic~1" *


    * Dans "C:\DOCUME~1\jerome\locals~1\applic~1" *


    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup absent !
    Certificat Electronic-Group supprimé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit supprimé !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Recherche autres dossiers et fichiers connus ***



    *** Nettoyage terminé le 07/05/2009 à 21:58:07,57 ***

    a c 333 8 Security
    7 May 2009 22:02:38

  • Uninstall Navilog1.

  • Run another RSIT scan and post the log report.
    7 May 2009 22:42:32

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by maxime at 2009-05-07 22:41:42
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 103 GB (70%) free of 147 GB
    Total RAM: 767 MB (41% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:42:02, on 07/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\maxime\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\maxime.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
    HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
    HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"

    [DeleteTemplates.reg]
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"

    [DeleteAutosearch.reg]
    ; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
    HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"

    [Strings]
    START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
    SEARCH_PAGE_URL="http://www.microsoft.com/isapi/
    O14 - IERESET.INF: CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
    HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
    HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"

    [DeleteTemplates.reg]
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
    HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"

    [DeleteAutosearch.reg]
    ; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
    HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"

    [Strings]
    START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
    SEARCH_PAGE_URL="http://www.microsoft.com/isapi/
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Securitoo Contrôle Parental (OPTENET_FILTER) - WANADOO - C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 8411 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Google Software Updater.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-12 4112384]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2004-10-23 180269]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    c:\apps\ABoard\ABoard.exe [2003-05-02 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
    C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-20 1601304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    - []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
    C:\Program Files\Labtec\Mouse\V3.0\moffice.exe [2006-10-07 958464]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2005-01-12 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2004-07-12 4112384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\WINDOWS\system32\NvMcTray.dll [2004-07-12 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /installquiet []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
    C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    c:\Apps\Powercinema\PCMService.exe [2004-10-08 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
    C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-04-24 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    C:\WINDOWS\system32\mobsync.exe [2004-08-05 144384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2004-10-23 180269]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
    C:\Program Files\Norton Internet Security\UrlLstCk.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
    C:\Program Files\USB Disk Win98 Driver\Res.EXE [2005-09-14 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -u []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express]
    C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe [2006-02-16 295936]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vaderetro Outlook]
    C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe [2006-07-22 44544]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]
    C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\fspex.exe -startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-05-29 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    C:\PROGRA~1\Google\GOOGLE~3\GOOGLE~1.EXE [2009-03-25 161776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SymWSC"=2
    "SNDSrvc"=2
    "SBService"=2
    "SAVScan"=3
    "navapsvc"=3
    "ccSetMgr"=2
    "ccPwdSvc"=3
    "ccProxy"=2
    "ccEvtMgr"=2

    C:\Documents and Settings\maxime\Menu Démarrer\Programmes\Démarrage
    Outil de notification Live Search.lnk - C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2009-02-20 10520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
    "%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
    "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
    "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:p ANDORA"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\APPS\Inventime\my.exe"="C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe"="C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009"
    "C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
    "C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Documents and Settings\maxime\Local Settings\temp\7zS210.tmp\SymNRT.exe"="C:\Documents and Settings\maxime\Local Settings\temp\7zS210.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
    "C:\Documents and Settings\maxime\Local Settings\temp\7zS212.tmp\SymNRT.exe"="C:\Documents and Settings\maxime\Local Settings\temp\7zS212.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{142ad468-7af3-11da-821b-806d6172696f}]
    shell\AutoRun\command - E:\Launcher.exe


    ======List of files/folders created in the last 1 months======

    2009-05-07 21:52:24 ----A---- C:\cleannavi.txt
    2009-05-07 21:40:45 ----D---- C:\Documents and Settings\maxime\Application Data\Pro Cycling Manager 2008
    2009-05-07 16:59:22 ----D---- C:\Program Files\Ad-remover
    2009-05-06 20:45:31 ----SHD---- C:\RECYCLER
    2009-05-06 19:53:18 ----D---- C:\Documents and Settings\maxime\Application Data\Malwarebytes
    2009-05-06 19:53:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-05-06 19:53:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-05-06 18:45:19 ----D---- C:\WINDOWS\temp
    2009-05-06 18:45:17 ----A---- C:\ComboFix.txt
    2009-05-06 14:27:23 ----D---- C:\rsit
    2009-05-06 13:30:07 ----A---- C:\WINDOWS\system32\avgrsstx.dll.prepare
    2009-05-02 22:00:47 ----D---- C:\SDFix
    2009-04-26 22:48:47 ----D---- C:\Program Files\Fichiers communs\DVDVIDEOSOFT

    ======List of files/folders modified in the last 1 months======

    2009-05-07 22:41:58 ----D---- C:\WINDOWS\Prefetch
    2009-05-07 22:40:42 ----D---- C:\Program Files\Navilog1
    2009-05-07 22:05:45 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-07 21:58:07 ----D---- C:\WINDOWS\system32
    2009-05-07 21:57:16 ----RD---- C:\Program Files
    2009-05-07 21:57:07 ----D---- C:\WINDOWS
    2009-05-07 21:56:58 ----SD---- C:\WINDOWS\Tasks
    2009-05-07 21:56:54 ----A---- C:\WINDOWS\ModemLog_Aztech CNR2900 V.90 Modem.txt
    2009-05-07 21:55:41 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-05-07 21:48:13 ----D---- C:\WINDOWS\system32\drivers
    2009-05-07 21:37:36 ----SHD---- C:\WINDOWS\Installer
    2009-05-07 21:37:36 ----HD---- C:\Config.Msi
    2009-05-07 21:37:16 ----RSD---- C:\WINDOWS\assembly
    2009-05-07 21:34:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-05-07 21:34:05 ----D---- C:\WINDOWS\WinSxS
    2009-05-07 21:33:33 ----HD---- C:\WINDOWS\inf
    2009-05-07 21:27:43 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-05-07 21:27:34 ----D---- C:\WINDOWS\system32\DirectX
    2009-05-07 21:17:16 ----D---- C:\Program Files\Cyanide
    2009-05-07 21:01:43 ----A---- C:\fixnavi.txt
    2009-05-07 20:47:04 ----D---- C:\WINDOWS\Minidump
    2009-05-07 19:40:55 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
    2009-05-06 22:45:08 ----D---- C:\Documents and Settings\maxime\Application Data\OpenOffice.org2
    2009-05-06 21:41:22 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-05-06 18:45:21 ----D---- C:\Qoobox
    2009-05-06 18:38:35 ----A---- C:\WINDOWS\system.ini
    2009-05-06 18:35:07 ----D---- C:\WINDOWS\system32\config
    2009-05-06 18:34:52 ----D---- C:\WINDOWS\ERDNT
    2009-05-06 18:32:32 ----D---- C:\WINDOWS\AppPatch
    2009-05-06 18:32:22 ----D---- C:\Program Files\Fichiers communs
    2009-05-05 23:11:07 ----D---- C:\Documents and Settings\maxime\Application Data\uTorrent
    2009-05-05 15:27:59 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2009-05-04 23:37:53 ----A---- C:\WINDOWS\win.ini
    2009-05-04 21:48:59 ----HD---- C:\$AVG8.VAULT$
    2009-05-02 21:54:50 ----D---- C:\Program Files\Opera
    2009-05-02 16:27:31 ----A---- C:\Documents and Settings\maxime\Application Data\QuickZip45.ini
    2009-05-01 15:36:46 ----A---- C:\WINDOWS\VFIND.exe
    2009-05-01 14:46:51 ----A---- C:\rapport.txt
    2009-05-01 14:39:26 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-05-01 12:36:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-05-01 12:34:28 ----D---- C:\WINDOWS\Debug
    2009-04-29 22:20:14 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-04-29 14:09:27 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-26 23:41:05 ----D---- C:\Documents and Settings\maxime\Application Data\AVGTOOLBAR
    2009-04-17 21:34:25 ----D---- C:\Program Files\LimeWire
    2009-04-16 12:08:02 ----D---- C:\WINDOWS\system32\wbem
    2009-04-16 03:25:38 ----D---- C:\WINDOWS\system32\fr-fr
    2009-04-16 03:25:38 ----D---- C:\Program Files\Internet Explorer

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-05 41600]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-20 325128]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-20 27656]
    R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
    R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
    R3 Cap713x;Cap713x Video Capture; C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-08 751104]
    R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-11 41984]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2006-10-07 62592]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2003-02-16 210128]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-12 2459968]
    R3 RTL8187B;TG123g USB Wireless Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-07-18 264576]
    R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2003-02-16 516616]
    R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
    S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
    S3 catchme;catchme; \??\C:\DOCUME~1\maxime\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-27 25280]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2003-02-16 1293192]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2003-02-05 162136]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2003-02-16 85520]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
    S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
    S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 12672]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [2004-02-25 1123440]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-20 298264]
    R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536]
    R2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-12 114755]
    R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-01-17 45056]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
    S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe []
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]
    S2 OPTENET_FILTER;Securitoo Contrôle Parental; C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe [2004-07-28 497744]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-13 72704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-15 654848]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
    S3 MysqlInventime;MysqlInventime; c:\mysql\bin\mysqld-nt MysqlInventime []
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

    -----------------EOF-----------------
    a c 333 8 Security
    7 May 2009 23:02:07

    Is your PC doing better?

  • Uninstall the following programs:
    - J2SE Runtime Environment 5.0 Update 6
    - Java SE Runtime Environment 6

  • Update Java.

  • Update Adobe Reader.

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    C:\WINDOWS\system32\tmp.txt

    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the copied text into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log
    11 May 2009 21:05:45

    Sorry for the delay. I'm at the last step, but I have a question: everything seems to be frozen, I can't quit the program, and the computer won't restart. What should I do? The desktop icons aren't showing, and when I click "on" the program, it makes a sound.

    Also, all videos (YouTube, Dailymotion) stop every 5 seconds, and I have to click for them to continue, and so on. How can I fix this?
    a c 333 8 Security
    11 May 2009 21:22:20

    How long have you had this problem?
    11 May 2009 21:35:33

    Well, it's the first time I tried the program (OTM...) and it crashed. As for the videos, it's been since today (maybe yesterday). No problem with the videos I have on my computer; it's only with streaming.
    a c 333 8 Security
    12 May 2009 03:33:34

    Maybe a temporary problem with your connection.
    12 May 2009 18:12:07

    OK. Otherwise, how do I continue the OTMoveIt step, given that it freezes??? Move on to the next step? The computer is still very slow, although there are fewer bugs and slowdowns on the Internet.
    a c 333 8 Security
    12 May 2009 18:16:59
    1/

  • Uninstall HijackThis.

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Recherche (Search) and let the scan run.
  • Click Suppression (Removal) to finish.
  • You can, if you wish, use the Options Facultatives (Optional Settings).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt) located at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner Slim.
  • Launch it. Go to Options, then Advanced, and uncheck the box Only delete files etc....
  • Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.
  • Next, choose Registry, then Scan for Issues. Once it has finished, fix all the errors (back up the registry).


    3/

  • You need to disable and then re-enable System Restore in order to purge it.


    4/

  • Run a defragmentation with Defraggler.
    14 May 2009 17:33:31

    Is it serious if, as soon as ToolsCleaner2 is launched, it shows "not responding" with the hourglass? Also, since I opened the internet a few hours ago, browsing the web has been almost IMPOSSIBLE; it took me 20 minutes to get to this topic, and each page of this forum takes 3 to 5 minutes to open, no lie ...
    14 May 2009 17:41:00

    Here is part 1.


    [ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\VundoFix.txt: trouvé !
    C:\Combofix.txt: trouvé !
    C:\fixnavi.txt: trouvé !
    C:\cleannavi.txt: trouvé !
    C:\rapport_clean.txt: trouvé !
    C:\SDFIX: trouvé !
    C:\Vundofix backups: trouvé !
    C:\Qoobox: trouvé !
    C:\_OtMoveIt: trouvé !
    C:\Rsit: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\Ad-remover: trouvé !
    C:\Program Files\Ad-remover\TOOLS\BACKUP\Ad-R.exe: trouvé !
    C:\Program Files\QuickTime\history\units\avenger.txt: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

    ---------------------------------
    --> Suppression:

    C:\Program Files\Ad-remover\TOOLS\BACKUP\Ad-R.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\VundoFix.txt: supprimé !
    C:\Combofix.txt: supprimé !
    C:\fixnavi.txt: supprimé !
    C:\cleannavi.txt: supprimé !
    C:\rapport_clean.txt: supprimé !
    C:\Program Files\QuickTime\history\units\avenger.txt: supprimé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
    C:\SDFIX: supprimé !
    C:\Vundofix backups: supprimé !
    C:\Qoobox: supprimé !
    C:\_OtMoveIt: supprimé !
    C:\Rsit: supprimé !
    C:\Program Files\Navilog1: supprimé !
    C:\Program Files\Ad-remover: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !



    I'm moving on to the next step.
    15 May 2009 00:30:23

    Defragmentation finally finished ...
    15 May 2009 17:03:18

    What do I do now? Is there a report to post that I forgot? Note that the computer is running 1000 times faster than yesterday, with no trouble getting to the forum, etc. However, I don't know if it's finished ...
    a c 333 8 Security
    15 May 2009 17:12:54

    You can delete ToolsCleaner.

    No more problems?
    16 May 2009 13:42:58

    OK, thanks for your help. The computer is running much faster, and I have no more problems except one that persists: on Google, when I click a link it takes me somewhere else, and I have to copy the URL to reach the site!
    a c 333 8 Security
    16 May 2009 13:44:09

    Where does it take you?
    16 May 2009 18:29:54

    For example, earlier it took me to the site of an association for poor children, then to an environmentalist site, and just now to a site advertising mobile phone games.
    a c 333 8 Security
    17 May 2009 16:36:04

  • Download Catchme (Przemyslaw Gmerek) to your Desktop.
  • Double-click catchme.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, post the catchme.log report in your next reply. (This report is on your Desktop.)
    17 May 2009 20:46:31

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-17 19:06:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    18 May 2009 19:14:09

    Today the computer is lagging quite a bit; it seems to be random ...